Reference Capabilities for Flexible Memory Management: Extended Version

Verona is a concurrent object-oriented programming language that organises all the objects in a program into a forest of isolated regions. Memory is managed locally for each region, so programmers can control a program's memory use by adjusting objects' partition into regions, and by setting each region's memory management strategy. A thread can only mutate (allocate, deallocate) objects within one active region -- its "window of mutability". Memory management costs are localised to the active region, ensuring overheads can be predicted and controlled. Moving the mutability window between regions is explicit, so code can be executed wherever it is required, yet programs remain in control of memory use. An ownership type system based on reference capabilities enforces region isolation, controlling aliasing within and between regions, yet supporting objects moving between regions and threads. Data accesses never need expensive atomic operations, and are always thread-safe.Comment: 87 pages, 10 figures, 5 listings, 4 tables. Extended version of paper to be published at OOPSLA 202

LAPS : A General Framework for Modeling Alias Management Using Access Permission Sets

This thesis presents a general model of access control. It uses a simple notion of an access permission token, which gives permission to reference an associated object. Sets of permission tokens are used to model the maximum reach of an object, and reasoning about access to groups of objects. Links between sets are used to model propagation. Restricting access to an object is important for example when dealing with aliasing, multiple references to a single object. Aliasing is ubiquitous in object-oriented  programming, and while practical and even necessary for many purposes, it is also a common source of errors. Since an aliased object may change at any time without notice to the other holders of references to that object, one can generally not guarantee that the state observed through a reference will be the same the next time it is observed. Many techniques for alias control, such as uniqueness and ownership types, have been proposed and implemented to limit and prevent the problems potentially caused by aliasing. However, they are often formulated in very specific settings, making formal comparison between different techniques difficult. This thesis presents a general framework that allows several common alias management policies to be implemented using the same mechanisms, allowing for easy comparison and unification of existing systems, as well as reasoning about new systems. The framework is formally implemented as LAPS, a small object-oriented  language that uses access permission sets to express the aliasing policies of a program. Alias management concepts from several existing languages are translated into LAPS, showing how it can be used as a common platform for reasoning about access control properties  of different systems

Capability-Based Type Systems for Concurrency Control

Since the early 2000s, in order to keep up with the performance predictions of Moore's law, hardware vendors have had to turn to multi-core computers. Today, parallel hardware is everywhere, from massive server halls to the phones in our pockets. However, this parallelism does not come for free. Programs must explicitly be written to allow for concurrent execution, which adds complexity that is not present in sequential programs. In particular, if two concurrent processes share the same memory, care must be taken so that they do not overwrite each other's data. This issue of data-races is exacerbated in object-oriented languages, where shared memory in the form of aliasing is ubiquitous. Unfortunately, most mainstream programming languages were designed with sequential programming in mind, and therefore provide little or no support for handling this complexity. Even though programming abstractions like locks can be used to synchronise accesses to shared memory, the burden of using these abstractions correctly and efficiently is left to the programmer. The contribution of this thesis is programming language technology for controlling concurrency in the presence of shared memory. It is based on the concept of reference capabilities, which facilitate safe concurrent programming by restricting how memory may be accessed and shared. Reference capabilities can be used to enforce correct synchronisation when accessing shared memory, as well as to prevent unsafe sharing when using more fine-grained concurrency control, such as lock-free programming. This thesis presents the design of a capability-based type system with low annotation overhead, that can statically guarantee the absence of data-races without giving up object-oriented features like aliasing, subtyping and code reuse. The type system is formally proven safe, and has been implemented for the highly concurrent object-oriented programming language Encore.UPMAR

Capability-Based Type Systems for Concurrency Control

Since the early 2000s, in order to keep up with the performance predictions of Moore's law, hardware vendors have had to turn to multi-core computers. Today, parallel hardware is everywhere, from massive server halls to the phones in our pockets. However, this parallelism does not come for free. Programs must explicitly be written to allow for concurrent execution, which adds complexity that is not present in sequential programs. In particular, if two concurrent processes share the same memory, care must be taken so that they do not overwrite each other's data. This issue of data-races is exacerbated in object-oriented languages, where shared memory in the form of aliasing is ubiquitous. Unfortunately, most mainstream programming languages were designed with sequential programming in mind, and therefore provide little or no support for handling this complexity. Even though programming abstractions like locks can be used to synchronise accesses to shared memory, the burden of using these abstractions correctly and efficiently is left to the programmer. The contribution of this thesis is programming language technology for controlling concurrency in the presence of shared memory. It is based on the concept of reference capabilities, which facilitate safe concurrent programming by restricting how memory may be accessed and shared. Reference capabilities can be used to enforce correct synchronisation when accessing shared memory, as well as to prevent unsafe sharing when using more fine-grained concurrency control, such as lock-free programming. This thesis presents the design of a capability-based type system with low annotation overhead, that can statically guarantee the absence of data-races without giving up object-oriented features like aliasing, subtyping and code reuse. The type system is formally proven safe, and has been implemented for the highly concurrent object-oriented programming language Encore.UPMAR

LAPS : A General Framework for Modeling Alias Management Using Access Permission Sets

This thesis presents a general model of access control. It uses a simple notion of an access permission token, which gives permission to reference an associated object. Sets of permission tokens are used to model the maximum reach of an object, and reasoning about access to groups of objects. Links between sets are used to model propagation. Restricting access to an object is important for example when dealing with aliasing, multiple references to a single object. Aliasing is ubiquitous in object-oriented  programming, and while practical and even necessary for many purposes, it is also a common source of errors. Since an aliased object may change at any time without notice to the other holders of references to that object, one can generally not guarantee that the state observed through a reference will be the same the next time it is observed. Many techniques for alias control, such as uniqueness and ownership types, have been proposed and implemented to limit and prevent the problems potentially caused by aliasing. However, they are often formulated in very specific settings, making formal comparison between different techniques difficult. This thesis presents a general framework that allows several common alias management policies to be implemented using the same mechanisms, allowing for easy comparison and unification of existing systems, as well as reasoning about new systems. The framework is formally implemented as LAPS, a small object-oriented  language that uses access permission sets to express the aliasing policies of a program. Alias management concepts from several existing languages are translated into LAPS, showing how it can be used as a common platform for reasoning about access control properties  of different systems